The Department for Work and Pensions (DWP) has released several updates relating to IT projects and spend in its annual report and accounts, which includes thousands of changes to digital services as a response to the Covid-19 outbreak, as well as write-offs relating to IT projects surpassing £10m.
One of the failed projects relates to the DWP’s health transformation programme, which cost £4.8m of taxpayer money. The programme relates to a decision made in May 2018 to build a contingency IT solution to support Personal Independence Payment assessments if the system being built by the programme was not available in time for contract transition.
After a review, the programme board decided the main system would be ready for transition from March 2020 and therefore decided to write off the spending related to the contingency IT system. This was listed under the “constructive losses” section of the report.
Another loss, of £3.1m, relates to a deal signed with Computacenter for a cloud-based remote secure access and web gateway systems which was provided by Palo Alto Technologies. According to the DWP, it later became clear the web gateway element would not support the number of users required of it, so the system could not be used.
In addition, a third write-off is a £2.8m purchase of Microsoft Defender Advanced Threat Protection, which is designed to protect IT networks against computer viruses and malware.
According to the DWP’s annual accounts report, “over time, it emerged that MS Defender was not compatible with key aspects of the department’s IT environment” and could not be utilised.
The department also outlined the goals that drove the projects around technology in 2019 and the first half of 2020: enabling transformation, improving stability and performance of digital systems, strengthening cyber security, and building a future digital approach as well as sufficient skills to drive these goals forward.
Digital transformation in the pandemic
Regarding digital transformation, advances made by the DWP IT team cited in the department’s annual accounts report include 3,500 wider digital changes made from February to April, with specific focus on handling the Covid-19 pandemic.
“Our investment in digital capabilities has strengthened both our resilience and ability to deliver services in more efficient ways,” said permanent secretary Peter Schofield, in the annual report’s overview.
To support home working, the department quadrupled the capacity of its virtual private network (VPN) and provided 16,000 new devices to allow staff to work remotely. A virtual service centre has also been created.
To respond to a six-fold increase in Universal Credit claims, the department also had to make changes quickly to streamline transactions. This included a fast-tracked delivery of the Confirm your Identity service to speed up new applications and allow Universal Credit users to prove their identity online rather than having to visit a jobcentre.
Payment capacity also had to be significantly increased, the report noted, to enable digital access to additional benefits such as Employment and Support Allowance, and to simplify applications for Bereavement Support Payments.
Beyond the Covid-focused initiatives around digital, the DWP also reported a roll-out of 7,082 customer computers in jobcentres to provide better tools for those looking for work while promoting digital inclusion. In addition, there has been an upgrade of staff technology, with the implementation of 50,000 PCs, 20,000 laptops, Wi-Fi roll-out and the introduction of new collaboration tools.
Work relating to transformation includes advances around pension services. According to the department, it takes eight minutes on average to make a state pension claim only and the process is fully automated. The online take-up of the Check your State Pension digital service is at 94%, with user satisfaction at 85%, and 19 million forecasts have been delivered through the service.
Service stability and skills
In the IT service stability front, the DWP reported progress, with core benefit payment services being re-platformed to modern hardware and software, with eight of 11 replacements delivered by to 13 April 2020. The remaining three migrations are expected to to be completed by the end of 2020-21.
According to the department, downtime for 2019-20 stood at 0.02%, compared with 0.1% last year, equating to 27,000 extra service hours. The improvements are associated to re-hosting services to the cloud, as well as improved service monitoring and incident management, which reduced IT incidents by 21% in comparison with 2018-19.
When it comes IT skills, the DWP reported it has recruited hundreds of digital specialists, and that it has boosted the capability of its existing workforce through internal promotions, with up to 40% of successful candidates for advertised roles coming from the department itself. Progress has also been made in relation to diversity, the report said, as well as improving gender balance in senior digital roles.
Security and data protection
In relation to security, the DWP said that in 2019-20, it has improved its ability to detect and respond to threats to infrastructure and services, enhanced the management of security risks and provided training to ensure staff take personal responsibility for security and data protection within the department.
The report noted that during the pandemic, the DWP built extra security and data protection measures as a key part of decision-making processes. Security-related advice was provided to staff regularly to those working remotely, particularly when it came to protecting citizen data, in compliance with the General Data Protection Regulation (GDPR). Conversely, guidance was also given to citizens around protecting against online threats and fraud.
Beyond the immediate data protection requirements presented by the pandemic, the DWP noted it has embedded additional legal, security and ethical standards to the way in which it deals with data.
An example cited is the introduction of 400 data champions, which are embedded through DWP and who cascade key messages aimed at building a data-capable workforce. The data protection officer team also works with the DWP’s arm’s-length bodies to ensure compliance, and data-protection-by-design processes are built into new digital services.
According to the report, GDPR compliance at the DWP is managed by a task force with oversight from a dedicated board led by chief data officer Paul Lodge. The board reviews and monitors performance and reports to the permanent secretary and the executive team at the department and the Information Commissioners Office via the data protection officer.
“We are members of a global best practice data protection network which shares learning and best practices and assists us to hold ourselves to the highest data security, protection and quality standards,” the report said.
“This all ensures data is collected, stored, archived and disposed of legally and securely, and that we improve our and the public’s confidence in the accuracy, validity and timeliness of the data we hold,” it added.